Cisco Knowledge Network
January 15, 2020
Delivering Managed SD-WAN Simply and Securely
WAN Transformation
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Presenters
Ron Penna, Offer Development Manager - Global Service Provider
Matt Falkner, Distinguished Engineer - Technical Marketing
Bobby Vruwink, Service Provider SE - Meraki
Connecting Users to the Data Center was the Priority
Data Center
Applications
WAN
Internet
Best Effort
Users
Branch/Campus
Users
WAN
Then the Way We Worked Changed
Mobile Users
Campus & Branch Users
Devices & Things
Mobile Users
Campus & Branch Users
Devices & Things
WAN
Applications Moved to Not One Cloud, But Many
DC/Private Cloud
SaaS
IaaS
SD-WAN in Simple Words…
• OVERLAY VPN: VPN out of the box
• MULTIPLE UPLINKS: Differing connectivity options and speeds
• PERFORMANCE ROUTING: Application-aware path control
Addressing Next-Generation Partner and End-Customer Business Outcomes
Visibility, Assurance, Automation, Analytics and Workforce Experience
Pervasive Security – Identity, Mobility, Policy and Compliance
Devices
Software Defined Access
Software Defined WAN
Cloud Edge
Services
Users
Internet
SaaS
Data Center (ACI)
Public Cloud
SD-WAN is a Key Component in the IBN Journey
Evolving End-Customer WAN Strategies
Single Global WAN, Centralized Apps, One Carrier
Is evolving into…
Multicloud WAN, Distributed Resources, Multiple Carriers
SD-WAN Customer Buying Triggers
• Shifting to cloud applications (G Suite, Office 365) and need to address performance concerns
• The need for real-time, end-to-end visibility across device, LAN, WAN and cloud applications
• Reducing the complexity and managing the costs of the WAN
• Deploying real-time or bandwidth-hungry applications across multiple locations
• Many small to medium offices in a distributed environment
• Limited or no IT personnel at branches
• Looking to refresh the WAN routers, or negotiate a managed WAN contract
• Small and medium offices looking for an integrated cloud managed branch solution including wired and wireless access, security with SD-WAN
Cisco meets these requirements with its SD-WAN platforms
Flexible Offers and Solutions From Cisco
• VPN Overlay
• Performance Routing
• Transport Independent
• Highly Scalable
• Cloud endpoint AWS/Azure
• LTE Failover
• Private Cloud
• Simplicity
• Customization
Cisco Software Buying Programs
Addressing the needs of the entire market
• All customers: Subscription Agreement. Manage multiple subscriptions and user enrollments
• Enterprise (Large & Medium): Enterprise Agreement (EA). Commitment to Enterprise-wide purchase of Cisco software architecture(s)
• Partners delivering managed services: Managed Services License Agreement (MSLA). Scale license capacity based on consumption
Poll
Do you currently sell an “all in one” SD-WAN and security solution, or are they typically sold separately?
1) Yes, we have an all in one product
2) No, these products are sold separately
3) We offer SD-WAN, but not security
4) We offer security, but not SD-WAN
Common Architectural Use Cases
Deployed Use Cases - Sample
Critical Applications SLA
App Aware Routing Policy: App A path must have:
• Latency ≤ 150ms
• Loss ≤ 2%
• Jitter ≤ 10ms
Paths:
• Path1: 10ms, 0% loss, 5ms jitter
• Path2: 200ms, 3% loss, 10ms jitter
• Path3: 140ms, 1% loss, 10ms jitter
• Each vEdge router continuously monitors path performance and adjusts forwarding
• Configurable probing intervals
[Diagram labels: Internet, MPLS, 4G LTE, vManage, Remote Site, Data Center, Path 2, App A, SDWAN Tunnel, SDWAN Fabric]
Bandwidth Augmentation
Traffic Engineering Policy (data policy):
• App A -> MPLS TLOC
• App B -> Internet TLOC
• Augment MPLS with Internet bandwidth
• Create traffic engineering policy to steer application traffic (Active/Active if no policy)
[Diagram labels: Internet, MPLS, vManage, Remote Site, Data Center, A, B, SDWAN Tunnel, SDWAN Fabric]
Secure Segmentation
Configuration Templates: Assign interfaces and sub-interfaces to respective VPNs
Interface-to-VPN assignments shown on the slide:
• ge0/2 -> VPN1, ge0/3.2 -> VPN2, ge0/3.3 -> VPN3
• ge0/2.1 -> VPN1, ge0/3.2 -> VPN2
• ge0/2.1 -> VPN1, ge0/2.2 -> VPN2, ge0/2.3 -> VPN3
• Complete isolation in the control and data plane
• Not all VPNs have to be present everywhere
• Policies are VPN-aware
[Diagram labels: vManage, Remote Site 1, Remote Site 2, Data Center, Internet, MPLS, VPN1, VPN2, VPN3, SDWAN Tunnel, SDWAN Fabric]
Regional Secure Perimeter
Service Insertion Policy (control policy):
• App A -> Route
• App B -> FW Service
Advertisements (OMP):
• App A -> NH DC, LBL VPN1; App B -> NH RegHub, LBL FW
• App A -> NH Remote Site, LBL VPN1; App B -> NH RegHub, LBL FW
• Firewall service is advertised into the VPN of choice from regional hub
• Control (or data) policy is used to steer the traffic of interest from remote site through Firewall
[Diagram labels: Internet, MPLS, vManage, Remote Site, Data Center, Regional Hub, FW Service, Regional Firewall, A, B, SDWAN Tunnel, SDWAN Fabric]
Guest WiFi
Guest WiFi (data policy): App A -> DIA
• Guest WiFi traffic is segmented off. Guest WiFi VPN is not carried over the fabric.
• Support both simple DIA and DIA through Cloud Security
[Diagram labels: Internet, MPLS, vManage, Remote Site, Data Center, DIA, VPN1, VPN2, A, SDWAN Tunnel, SDWAN Fabric]
DIA & DCA
Configuration Templates: Configure DNS server in service side VPN and activate DPI
DNS Server -> OpenDNS
• DNS-based security
• Overrides client DNS settings
[Diagram labels: Internet, MPLS, vManage, Remote Site, Data Center, DNS Query, VPN0, VPN1, SDWAN Tunnel, SDWAN Fabric]
Cisco SD-WAN Powered By Viptela
Cisco SD-WAN
0 Transport Independent WAN Fabric
1 Cloud Delivered WAN with Operational Simplicity and Analytics
2 Superior Security Architecture: Cloud based and On-prem
3 Application QOE
4 End-point flexibility:
• Physical or Virtual
• Rich Services or Lite
• Branch, Agg, Cloud
5 SD-WAN Cloud Use-Cases…
[Diagram labels: Apps, WAN, USERS, DEVICES, THINGS, DC, vDC, IaaS, SaaS, Analytics, Cloud Delivered, Intent-based Network Infrastructure, DNA Center, Analytics, Policy, Automation, INTENT, CONTEXT, SECURITY, LEARNING]
SD-WAN Cloud Access: Re-thinking of Security Architectures
• Compliance: Protect sensitive data (card holder data, patient data) before, during and after a transaction.
• Guest Access: Prevent guest users from disrupting my network when browsing the internet via guest wi-fi
• Direct Cloud Access: Protect branch office when using direct cloud access to provide better user experience for cloud apps
• Direct Internet Access: Protect myself against potential threats when using the local internet path for all internet traffic
Security feature stacks shown on the slide:
• IPsec VPN, Enterprise Firewall App Aware, Intrusion Prevention, DNS/web-layer Security
• IPsec VPN, Enterprise Firewall App Aware, URL Filtering
• IPsec VPN, Enterprise Firewall App Aware, Intrusion Prevention, DNS/web-layer Security
• IPsec VPN, Enterprise Firewall App Aware, Intrusion Prevention
[Diagram labels: Risk, Attack surface, Exposure]
Viptela Best-of-Breed in Security & SD-WAN
• Enterprise Firewall: Classification of +1400 layer 7 apps
• Intrusion Protection System: Most widely deployed IPS engine in the world
• URL-Filtering: Web reputation score using 82+ web categories
• Simplified Cloud Security: Easy deployment of Cisco Umbrella
Cisco SD-WAN
Cisco Security
Hours instead of weeks and months
Single Pane Of Glass Operations
Cisco SD-WAN Operations
Rich Analytics
• Cloud-first management and orchestration
• Zero-touch provisioning
• Troubleshooting with simplified workflows
• Advanced analytics and assurance
vManage vAnalytics
Simplicity and Visibility
Cisco SD-WAN Powered By Meraki
Meraki Customer Profiles
• SMALL MEDIUM BUSINESS: Customers with up to 200 users with any number of sites can deploy SD-WAN in a cost efficient manner
• CLOUD APPLICATIONS: Moved to Azure or AWS? No problem! Extend your SD-WAN to the cloud in a simple and secure fashion
• DISTRIBUTED ENTERPRISE: Interconnect any site, anywhere with SD-WAN overlay, and reduce complexity
• DESIRE VISIBILITY: See more and do more with the most intuitive management interface available today from Cisco Meraki
• LEAN IT: Rely on a trusted partner and vendor to manage the full stack IT without compromising on the value
• DOWNTIME SENSITIVE: Zero touch deployment gives these customers the fastest migration path to SD-WAN with minimal downtime
The Meraki Value Proposition
• EASY TO DEPLOY: Deploy in zero touch, Save cost, Reduce downtimes, Improve productivity. CTRL+C CTRL+V
• SCALES TO ANY SIZE: Sell any number of devices, manage any number of devices, dashboard scales to thousands of devices!
• CENTRALLY MANAGED: One single pane of glass, regardless of the customer, regardless of the product, regardless of the location.
• QUICK AND EASY BOM: All inclusive license with a 1:1 ratio makes the Meraki BoM so simple and easy for anyone to sell!
• LOW TCO: In simple math: Hardware + License + Service. That’s it!
• SHORT SALES CYCLE: DEMO TRY BUY
Why Does This Matter?
• CAPTURE NEW MARKET: Meraki SD-WAN offers solutions to more use cases with a Security & SD-WAN solution
• ATTACH SERVICES: With more sites comes more services, and with more links comes more services as well and more revenue
• CUSTOMER RETENTION: Reduce churn by offering customers an attractive solution that reduces cost and improves application performance
• MOBILE BACKUP: Why not offer 4G backup as part of the solution to increase your revenue and improve service footprint??
• UPSELL CONNECTIVITY: SD-WAN will not run on a single link! Customers moving to SD-WAN will need additional links at EVERY site
• REDUCE OPEX: Single management platform, simple to use, with zero investment to stand up or manage any number of customers
How?
MERAKI SD-WAN: REDUCING COST
• MPLS WAN: Problem: High cost to expand capacity of existing MPLS network to keep up with bandwidth requirements
• HYBRID WAN: Supplement an existing MPLS network with broadband for increased bandwidth. Offload critical traffic from MPLS to broadband with policy based routing, dynamic path selection
• INTERNET WAN: Dual high speed broadband connections. Load balance business critical traffic based on policy or link performance
[Diagram labels: BRANCH, HQ / DC, MPLS, BROADBAND, 1, 2, 3]
Connectivity and Security With Meraki MX
All-in-one: Secure SD-WAN and advanced visibility
• MX delivers enterprise security directly at the branch
• Meraki Insight provides deep visibility beyond the LAN
• Track client experience for business-critical web applications
• Receive real-time alerts for performance degradation
• Pinpoint root cause of performance issues in minutes
[Diagram labels: BRANCH, MX + MI, LAN, WAN, SERVER, HQ / DC, MX]
Meraki Full Stack
Meraki SD-WAN Architecture
SD-WAN Overlay
Ease of Deployment
1. Create the SLA needed for the application
2. Choose the preferred path for the application provided that it meets and exceeds your SLA
3. Application is routed over the preferred path and will fall back in case of performance degradation. Performance routing can be monitored on dashboard
[Diagram label: WAN2]
Meraki MX
• Intrusion Prevention: Protects critical network resources from the latest security threats and vulnerabilities.
• AutoVPN: Securely connects branch locations using mesh or hub-and-spoke topologies. Provides simple VPN access into Amazon Web Services and Microsoft Azure.
• Content Filtering: Block undesirable web content across 70+ categories, and leverage cloud lookups to filter billions of URLs.
• Identity Based Firewall: Automatically assigns firewall and traffic shaping rules, VLAN tags, and bandwidth limits to enforce the right policies for each class of users.
• High Availability & Failover: Provides device and connection integrity through multiple uplinks, warm spare failover, and self-healing VPN.
• Application Visibility & Control: Identify which applications are being used, and then prioritize critical apps while limiting recreational apps.
• Centralized Management: Seamlessly manage campus-wide WiFi deployments and distributed multi-site networks from a single pane-of-glass.
• Advanced Malware Protection: Protect your network against malware using the latest threat intelligence, and identify previously unknown malicious files with retrospective detection.
Everything… plus:
• Wireless Access Point
• Wireless Concentrator
• ClientVPN
• Cellular Backup
Meraki Deployment Modes
• Branch CPE: MX terminates the WAN links in RJ45 format and provides NAT and security features. It will also create SD-WAN tunnels to a head-end and route traffic based on performance
• Inspection CPE: MX deployed inline to offer application visibility and security assessment reflecting customer threats in security center. MX can also create SD-WAN tunnels to a head-end (no VLANs)
• Hub CPE: High performance MX to terminate all SD-WAN tunnels and provide routing functionality to/from DC and other networks.
Site Profiling
• Small sites: Z3 and Z3C (Integrated Cellular); Meraki Insight XS license
• Medium Sites: MX64/67/68 with optional built-in wireless and integrated cellular; Meraki Insight S license
• Medium/Large sites: MX84/100; Meraki Insight M License
• Large Sites: MX250/MX450 with SFP/SFP+ options; Meraki Insight L/XL license
• Data Centers: MX250/MX450 concentrators; OSPF/BGP
• Cloud Integration: vMX (AWS and Azure)
How It All Looks Together
[Diagram labels: transports 3G/4G, Internet, MPLS; devices Z3C, MX67C, MX68CW, MX84, MX100, MX250, MX450, and Hub with MX100, MX450; site tiers SOHO ~ 50Mbps, Small ~ 200Mbps, Small/Medium ~ 200Mbps LAN/PoE/WiFi, Medium ~ 500Mbps, Critical ~ 750Mbps, Large ~ 1Gbps]
Partner Value Journey with Agile Service Creation (ASC)
Developed to help Cisco service provider (SP) partners accelerate their time to revenue when bringing new Cisco solution-based managed services to market.
Agile Service Creation (ASC) will provide recommendations, tools, templates and resources that its consumers can utilize throughout the service creation lifecycle, from concept to launch.
Objectives
• Global SD-WAN Experts
• Marketing Tools & Assets
• Sales & Technical Training Materials
Cisco Agile Service Creation Framework
How It Works
Business entities:
• Sales Operations
• Product Management
• Marketing
• Service Delivery
Stages:
• Service Discovery Workshop
• Buyer Insights Gathering
• Service Creation Workshop
• Alpha Testing
• Limited Availability
• General Availability
Service creation commences with an interactive workshop that initiates four interdependent workstreams
Each of the four business entities is represented during the service creation process to produce successful outcomes
Key Deliverables
• Service Description
• Positioning and Pricing
• Value Propositions
• Service Architecture
• Service Delivery
• Go-To-Market